Eye on Asia | Australia’s new telecom bill allowing law enforcement access to encrypted messages (like WhatsApp) could backfire
- In Australia, companies that provide encrypted products and services are required to provide access to law enforcement under a new law recently passed by the nation’s Senate
- The legislation amounts to requiring that means of access be inserted into encrypted services, which may end up creating vulnerabilities that could be exploited by hackers
The Australian Senate’s last piece of business for 2018 was to hurriedly pass the Telecommunications and Other Legislation (Assistance and Access) Bill before the end of the year.
Among the new powers is the power to issue technical capability notices to companies that provide encrypted products and services, requiring them to ensure their systems allow exceptional access for law enforcement and/or intelligence agencies.
This follows a statement from the Five Country (Australia, New Zealand, Canada, UK, US) Ministerial in August 2018, that “should governments continue to encounter impediments to lawful access to information … we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions”.
Australia is not the first country to pursue this approach. The UK has a similar power in its Investigatory Powers Act 2016, and the US has brought cases against companies like Apple and Facebook asking courts to order them to modify their systems.
Inserting means of access into encrypted services creates new vulnerabilities that could be exploited by attackers, not just by law enforcement and intelligence agencies. While circumventing the use of encryption might seem like an answer, legal measures to bypass encryption simply undermine it, along with the trust users have in the security of their messages and data. Further, criminals and terrorists would simply seek out “underground” encryption services or make their own, effectively avoiding the outcome governments are hoping to achieve.
Companies that are asked to provide exceptional access might turn off end-to-end encryption, deactivate “encryption on by default”, disable smartphone “kill switches” or take away users’ sole ability to decrypt their smartphones. These are the very features that have vastly improved security and privacy for millions of users throughout the Asia-Pacific region.